Hacker News
by qual 699 days ago
You're presenting this as if it's a new idea, but the security industry tried the above (for the majority of the time that "computer security" has been a thing) and... it didn't work! That's the whole reason public disclosure came about in the first place -- there's quite a rich history there if you're interested.

Some other thoughts:

>You let the manufacturer know, and you let them decide for the next steps.

Which, as history has proven, the "next steps" is generally to sweep it under the rug and to be forgotten about until it's exploited by a bad actor.

>it's not your business

But, what about when it is? On-topic: I drive a car, so I care about vulnerabilities in traffic lights and they may directly affect me. It's also my business if my personal data is stolen, or my identity, or corporate data, etc.

>You helped: no lawyers, no problems.

No problems... Until the vulnerability is exploited and it causes me a problem.